Re: WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read details

Posted by Berend-Jan Wever on Nov 10

Some additional information:

It was pointed out to me that I did not adequately explain that WININET
is widely used by Microsoft applications to handle HTTP requests,
*AND* probably be all third-party applications that use Windows APIs to
make HTTP requests. All these applications may be vulnerable to the
issue, though it may be hard to exploit in most (if not all).

According to Microsoft this issue affected MSIE and Edge and was fixed
through…

Leave a Reply